You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Startnow Toolbar malware, now hearing mouse clicks....???

Hi, I google searched "hearing mouse clicks," and I found my way here, ( wow! amazing forum, much appreciation to whoever can help.)

Yesterday, had a Startnow Toolbar show up, ran Microsoft essentials, ( previously installed,) no results. Google searched that, removed the Startnow Toolbar file from Program (x86) file in safe mode. Seemed to be ok, didn't notice anything after that, came home after work today and woke the pc up, heard a series of mouse clicks. No other known issues at this point.

Error: (03/02/2014 00:19:29 AM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

System errors:
=============
Error: (03/02/2014 10:38:28 AM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{1FBE51EF-1E25-4CD8-B0F3-EAE57654226B} because another computer on the network has the same name. The server could not start.

Error: (03/02/2014 01:54:16 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (03/02/2014 01:54:16 AM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (02/28/2014 02:23:04 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (02/28/2014 02:23:04 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (02/28/2014 02:20:49 PM) (Source: Service Control Manager) (User: )
Description: The Autodesk Content Service service failed to start due to the following error:
%%1053

Error: (02/28/2014 02:20:49 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Autodesk Content Service service to connect.

Ok aharonov, I ran the scan, ( for anyone else reading this, it took about 2-1/2 hrs,) and I did not uninstall when I clicked "finish."

(after I downloaded ESET, and turned off my anti-virus/malware, I was paranoid & not thinking... lol, so I shut off my internet connection, but when ESET said it couldn't connect I turned it back on, duh! So I'm thinking why the log starts with the "can not open..." Sorry about that.)

That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.

My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation: .
Thank you!

Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restorepoints:

You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.

DelFix should remove all our tools and delete itself afterwards. I don't need the log file.

If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefor it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Adobe Reader XI (11.0.05)
Mozilla Firefox 19.0.2

Tips

I recommend to read and follow the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.